<%@ page contentType="text/html;charset=UTF-8" %>
<%@ page import="java.sql.*"%>
<%@ page import="java.util.*"%>
<%@ page import="com.gzgi.framework.util.*"%>
<%@ include file="/pages/tm/header.jsp"%>
<%@ include file="/pages/system/checkAdmin.jsp"%>
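<%
    // Admin SQL console: runs one caller-supplied statement through the
    // application's database connection and reports success.
    //
    // Access control: /pages/system/checkAdmin.jsp is included at the top of
    // this page and presumably rejects non-admin sessions (its body is not
    // shown here, so confirm). That include is the real gate; the "pwd"
    // check below is not a secret.
    String sql = request.getParameter("sql");
    String pwd = request.getParameter("pwd");

    // Only accept the form's POST. Executing on GET would let a plain link or
    // embedded URL trigger a statement, and would put the SQL and the pwd
    // value into access logs and browser history.
    // NOTE(review): POST-only does not stop cross-site form submissions; a
    // per-session anti-CSRF token is still needed on this form.
    boolean isPost = "POST".equalsIgnoreCase(request.getMethod());

    // NOTE(review): the expected pwd is String.valueOf(DateTools.getNowYearMonthDay()),
    // which by its name is derived from the current date and is therefore
    // predictable. Replace it with a real credential check or re-authentication
    // rather than relying on it.
    if (isPost && sql != null && pwd != null
            && pwd.equals(String.valueOf(DateTools.getNowYearMonthDay()))) {
        SQLFormatter f = new SQLFormatter();
        sql = f.format(sql);

        // This stdout line is the only record of what was executed.
        // NOTE(review): statements may contain sensitive values, and the line
        // does not identify who ran it; route it to an audit log that does.
        System.out.println(sql);

        // NOTE(review): a prefix denylist does not limit what the statement
        // can do; it only catches the most obvious accident. The effective
        // limit is the privilege set of the database account behind
        // ContextFactory.getConnection(), so keep that account minimal.
        if (sql.trim().toLowerCase().startsWith("drop")) {
            throw new RuntimeException("sql is invalid:" + sql);
        }

        Connection con = null;
        PreparedStatement psmt = null;
        try {
            con = com.gzgi.framework.context.ContextFactory.getConnection();
            // prepareStatement gives no injection protection here: the whole
            // statement text is caller-supplied and there are no bind parameters.
            psmt = con.prepareStatement(sql);
            psmt.executeUpdate();
            out.println("<br><div align=center>Commond OK</div><br>");
        } catch (Exception ex) {
            ex.printStackTrace();
            // Keep the original exception as the cause so the stack trace
            // reaches whoever handles the error.
            throw new RuntimeException(ex.getMessage(), ex);
        } finally {
            // Close the statement on every path (it used to leak when
            // executeUpdate failed), then the connection. Each close is
            // best-effort so one failure cannot prevent the other.
            try {
                if (psmt != null) {
                    psmt.close();
                }
            } catch (Exception ex) {
                ex.printStackTrace();
            }
            try {
                if (con != null) {
                    con.close();
                }
            } catch (Exception ex) {
                ex.printStackTrace();
            }
        }
    }
%>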
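<%
    // HTML-escape the statement before echoing it back. The value comes
    // straight from the "sql" request parameter and is echoed whenever that
    // parameter is present, whether or not the pwd check passed. Unescaped,
    // markup in it would close the <textarea> and be rendered as part of
    // this admin page.
    String escapedSql = "";
    if (sql != null) {
        escapedSql = sql.replace("&", "&amp;")
                        .replace("<", "&lt;")
                        .replace(">", "&gt;")
                        .replace("\"", "&quot;")
                        .replace("'", "&#39;");
    }
%>
<%-- NOTE(review): this form carries no anti-CSRF token; add a per-session
     token and verify it before executing the statement. --%>
<center>
<form method="post" action="">
<textarea name="sql" rows="20" cols="86">
<%=escapedSql%>
</textarea>
<br><br>
<input type="password" name="pwd" size="20">
<input type="submit" name="submit" value="submit">
</form>
</center>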